DETAILED ACTION

1. This is a non-Final Office Action in response to the applicant's communication filed on 
April 08, 2009. 

Response to Arguments 

2. Applicant's arguments with respect to claims 1-12 and 49-51 have been considered but 
are moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject 
matter sought to be patented and the prior art are such that the subject matter as a whole 
would have been obvious at the time the invention was made to a person having ordinary 
skill in the art to which said subject matter pertains. Patentability shall not be negatived 
by the manner in which the invention was made. 

4. Claims 1, 4-7, 10-12, 49 and 51 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Kumar et al. (Hereinafter referred to as Kumar, US Pat. No.: 7,024,695) in view of Funk
(US Pat. No.: 7,363,500) and in further view of Wu (US. Pub. No.: 2004/0068572).

As per claim 1:

Kumar discloses a method for authenticating a computing device, the method comprising 
the following steps:

issuing a credential based on session information, a hash seed and credential information
from a first computing device to a second computer computing device (column 5: lines 2-14); 

transmitting said credential and a computer challenge from the second computer 
computing device to the first computer computing device when the second computing device is 
to be authenticated (column 5: lines 2-14; column 6: lines 45-65; Figure 5: server challenge; 
Client DPC authentication challenge response); 

transmitting a response to said computer challenge from said first computer computing 
device to said second computer computing device (column 6: lines 55-65; column 7: lines 1-13; 
Figure 5: challenge response); and 

verifying said response with said second computer computing device in order to 
authenticate and verify said computers computing devices (column 7: lines 30-40; Figure 5: 
Authentication response; DPC command response; success/Failure). 

Kumar does not explicitly disclose credential based on a maximum iterative value 
security parameters. Funk in analogous art, however discloses, credential based on a maximum 
iterative value security parameters (column 4: lines 10-24; column 7: lines 37-42; column 18: 
lines 35-65). Therefore, it would have been obvious to a person having ordinary skill in the art at 
the time the invention was made to modify the system disclosed by Kumar to include credential 
based on a maximum iterative value security parameters. This modification would have been 
obvious because a person having ordinary skill in the art would have been motivated to do so to 
provide secure authentication against man in the middle attack for inner protocols that can 
generate encryption keys as suggested by Funk in (column 5: lines 25-33). 



Application/Control Number: 10/743,796
Art Unit: 2437

Kumar and Funk do not explicitly disclose credential based on an expiration time and 
upon a loss of connection transmitting credential and challenge. Wu in analogous art, however 
discloses, credential based on an expiration time and upon a loss of connection transmitting 
credential and challenge (0012; 0014; 0057; 0059; 0072; 0073). Therefore, it would have been 
obvious to a person having ordinary skill in the art at the time the invention was made to modify 
the system disclosed by Kumar and Funk to include credential based on an expiration time. This
modification would have been obvious because a person having ordinary skill in the art would 
have been motivated to do so to provide methods and systems for enabling a user to disconnect 
from a communication session with a web server and then reconnect to the same session 
anytime, from any place, and via any device as suggested by Wu (0002-0003). 

As per claim 7: 

Kumar discloses a system for authenticating a computer, the system comprising: 
a first computer (figure 5: client); and

a second computer in communication with the first computer (figure 5: server);

wherein the first computer and the second computer are configured to execute the 
following instructions (Figure 5: Authentication and data integrity protocol): 

issuing a credential based on session information, a hash seed, credential information 
from a first computing device to a second computer computing device (column 5: lines 2-14);

transmit the credential and a challenge from the second computer to the first computer
when the second computer is to be authenticated (column 5: lines 2-14; column 6: lines 45-65; 
Figure 5: server challenge; Client DPC authentication challenge response); 

transmit a response to the challenge from the first computer to the second computer 
(column 6: lines 55-65; column 7: lines 1-13; Figure 5: challenge response); and 

verify the response with the second computer in order to authenticate and verify the 
computers (column 7: lines 30-40; Figure 5: Authentication response; DPC command response; 
success/Failure). 

Kumar does not explicitly disclose credential based on a maximum iterative value 
security parameters. Funk in analogous art, however discloses, credential based on a maximum 
iterative value security parameters (column 4: lines 10-24; column 7: lines 37-42; column 18: 
lines 35-65). Therefore, it would have been obvious to a person having ordinary skill in the art at 
the time the invention was made to modify the system disclosed by Kumar to include credential 
based on a maximum iterative value security parameters. This modification would have been 
obvious because a person having ordinary skill in the art would have been motivated to do so to 
provide secure authentication against man in the middle attack for inner protocols that can 
generate encryption keys as suggested by Funk in (column 5: lines 25-33). 

Kumar and Funk do not explicitly disclose credential based on an expiration time and 
upon a loss of connection transmitting credential and challenge. Wu in analogous art, however 
discloses, credential based on an expiration time and upon a loss of connection transmitting 
credential and challenge (0012; 0014; 0057; 0059; 0072; 0073). Therefore, it would have been
obvious to a person having ordinary skill in the art at the time the invention was made to modify 
the system disclosed by Kumar and Funk to include credential based on an expiration time. This 
modification would have been obvious because a person having ordinary skill in the art would 
have been motivated to do so to provide methods and systems for enabling a user to disconnect 
from a communication session with a web server and then reconnect to the same session 
anytime, from any place, and via any device as suggested by Wu (0002-0003). 

As per claims 4 and 10: 

Haverinen discloses a method and a system, wherein the predetermined function is a hash 
function (column 6: lines 23-35). 

As per claims 5 and 11:

Kumar discloses a method and a system, wherein the second computing device 
establishes a connection with the first computer computing device when the response is valid 
(Figure 6: DPC command and response; Success/Failure). 

As per claim 49: 

Kumar discloses a method for authenticating a computer, the method comprising the 
following steps: 

issuing a credential based on session information, a hash seed, credential information 
from a first computing device to a second computer computing device (column 5: lines 2-14);

in response to a connection between the first computer and the second computer being
terminated, 

transmitting said credential and a computer challenge from the second computer to the 
first computer when the second computer is to be authenticated (column 5: lines 2-14; column 6: 
lines 45-65; Figure 5: server challenge; Client DPC authentication challenge response); 

transmitting a response to said computer challenge from said first computer to said 
second computer (column 6: lines 55-65; column 7: lines 1-13; Figure 5: challenge response); 
and 

verifying at said second computer whether said response is valid, wherein said second 
computer re-establishes a connection with the first computer when the response is valid (column 
7: lines 30-40; Figure 5: Authentication response; DPC command response; success/Failure). 

Kumar does not explicitly disclose credential based on a maximum iterative value 
security parameters. Funk in analogous art, however discloses, credential based on a maximum 
iterative value security parameters (column 4: lines 10-24; column 7: lines 37-42; column 18: 
lines 35-65). Therefore, it would have been obvious to a person having ordinary skill in the art at 
the time the invention was made to modify the system disclosed by Kumar to include credential 
based on a maximum iterative value security parameters. This modification would have been 
obvious because a person having ordinary skill in the art would have been motivated to do so to 
provide secure authentication against man in the middle attack for inner protocols that can 
generate encryption keys as suggested by Funk in (column 5: lines 25-33).

Kumar and Funk do not explicitly disclose credential based on an expiration time and
upon a loss of connection transmitting credential and challenge. Wu in analogous art, however 
discloses, credential based on an expiration time and upon a loss of connection transmitting 
credential and challenge (0012; 0014; 0057; 0059; 0072; 0073). Therefore, it would have been 
obvious to a person having ordinary skill in the art at the time the invention was made to modify 
the system disclosed by Kumar and Funk to include credential based on an expiration time. This 
modification would have been obvious because a person having ordinary skill in the art would 
have been motivated to do so to provide methods and systems for enabling a user to disconnect 
from a communication session with a web server and then reconnect to the same session 
anytime, from any place, and via any device as suggested by Wu (0002-0003). 

As per claims 6, 12 and 51:

Wu discloses a method and system, wherein the first computer computing device 
determines whether the credential transmitted from the second computer computing device is 
valid by determining whether the expiration time of the credential has been exceeded (0072; 
0073). 

Allowable Subject Matter 

5. Claims 2, 3, 8, 9 and 50 are objected to as being dependent upon a rejected base claim, 
but would be allowable if rewritten in independent form including all of the limitations of the 
base claim and any intervening claims.

The following is a statement of reasons for the indication of allowable subject matter:
Claims 2, 3, 8 and 9 include the following features which are not taught or further suggested and 
would not have been obvious over prior arts of record and these features are: the challenge is a 
random number generated by the second computer computing device and the first computing 
device computes the response to the challenge by performing a predetermined function on the 
random number, wherein the second computer computing device determines whether the first 
computer computing device response is valid by performing the predetermined function on the 
random number and comparing the result to the response.

Claim 50 includes the following features which are not taught or further suggested and 
would not have been obvious over prior arts of record and these features are: the challenge 
comprises a random number generated by the second computer, wherein the first computer 
generates the response to the challenge by calculating a predetermined function of the random 
number, and wherein the second computer verifies whether the response is valid by calculating 
the predetermined function of the random number and comparing the result of the calculation to 
the response.

6. Claims 13-44 and 48 are allowed. The following is an examiner's statement of reasons
for allowance:

Claims 13, 24, and 35 include the following features which are not taught or further 
suggested and would not have been obvious over prior arts of record and these features are: 

issuing a credential based on session information, a hash seed, a maximum iterative value 
security parameters, credential information and an expiration time from a first computer to a 
second computer; transmitting the credential and a generated first challenge from the second
computer to the first computer; 

determining with the first computer whether the credential is valid and computing a first 
response to the first challenge and a second challenge with the first computer and transmitting 
them to the second computer; determining with the second computer whether the first response 
is valid and computing a second response to the second challenge with the second computer; and 
transmitting them to the first computer; and 

determining with the first computer whether the second response is valid to verify and 
authenticate the computers. 

Claim 48 includes the following features which are not taught or further suggested and
would not have been obvious over prior arts of record and these features are: 

issuing a credential based on session information, a hash seed, a maximum iterative value 
security parameters, credential information and an expiration time from the first user to the 
second user to authenticate them with a computer; and generating a first challenge with the 
second user; transmitting the credential and the first challenge to the first user; 

determining with the first user whether the credential is valid and generating with the first 
user a first response to the first challenge and a second challenge and transmitting them to the 
second user; determining with the second user whether the first response is valid; generating with 
the second user a second response to the second challenge and transmitting the second response 
to the first user; and

determining with the first user whether the second response is valid in order to
authenticate and verify the first and second users. 

Conclusion 

7. The prior arts made of record and not relied upon are considered pertinent to applicant's 
disclosure. See the notice of reference cited in form PTO-892 for additional prior arts. 

Contact Information 

8. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Techane J. Gergiso whose telephone number is (571) 272-3784 
and fax number is (571) 273-3781. The examiner can normally be reached between 9:00am and
6:00pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 